Fix default security requirements

2018-05-12 13:31:06 +03:00 · 2018-05-12 13:31:06 +03:00 · a993cba7aa
parent bfd88cbdb4
commit a993cba7aa
5 changed files with 30 additions and 5 deletions
--- a/docs/changelog.rst
+++ b/docs/changelog.rst
@ -3,6 +3,15 @@ Changelog
 #########


+*********
+**1.7.2**
+*********
+
+*Release date: May 12, 2018*
+
+- **FIXED:** fixed generation of default ``SECURITY_REQUIREMENTS`` to match documented behaviour
+
+
 *********
 **1.7.1**
 *********
--- a/docs/security.rst
+++ b/docs/security.rst
@ -39,7 +39,7 @@ Security requirements
 The second step is specifying, for each endpoint, which authentication mechanism can be used for interacting with it.
 See https://github.com/OAI/OpenAPI-Specification/blob/master/versions/2.0.md#security-requirement-object for details.

-By default, a top-level `security` that accepts all the declared security definitions is generated.
+By default, a top-level `security` that accepts any one of the declared security definitions is generated.
 For the example above, that would be :code:`[{'Basic': []}, {'Bearer': []}]`. This can be overriden using the
 :ref:`SECURITY_REQUIREMENTS <security-definitions-settings>` setting.

--- a/src/drf_yasg/generators.py
+++ b/src/drf_yasg/generators.py
@ -206,7 +206,7 @@ class OpenAPISchemaGenerator(object):
        security_definitions = swagger_settings.SECURITY_DEFINITIONS
        security_requirements = swagger_settings.SECURITY_REQUIREMENTS
        if security_requirements is None:
-            security_requirements = [{security_scheme: [] for security_scheme in swagger_settings.SECURITY_DEFINITIONS}]
+            security_requirements = [{security_scheme: []} for security_scheme in swagger_settings.SECURITY_DEFINITIONS]

        url = self.url
        if url is None and request is not None:
--- a/testproj/testproj/settings/base.py
+++ b/testproj/testproj/settings/base.py
@ -94,7 +94,18 @@ SWAGGER_SETTINGS = {
    'LOGIN_URL': '/admin/login',
    'LOGOUT_URL': '/admin/logout',

-    'DEFAULT_INFO': 'testproj.urls.swagger_info'
+    'DEFAULT_INFO': 'testproj.urls.swagger_info',
+
+    'SECURITY_DEFINITIONS': {
+        'Basic': {
+            'type': 'basic'
+        },
+        'Bearer': {
+            'type': 'apiKey',
+            'name': 'Authorization',
+            'in': 'header'
+        }
+    }
 }

 # Internationalization
--- a/tests/reference.yaml
+++ b/tests/reference.yaml
@ -21,10 +21,15 @@ consumes:
 produces:
  - application/json
 securityDefinitions:
-  basic:
+  Basic:
    type: basic
+  Bearer:
+    type: apiKey
+    name: Authorization
+    in: header
 security:
-  - basic: []
+  - Basic: []
+  - Bearer: []
 paths:
  /articles/:
    get: